Providing access from nearly anywhere, Wireless Local Area Networks (WLANs) deliver a great deal of flexibility to business networks and their applications. It’s important to note that WLANs are also susceptible to vulnerabilities, misuse, and attacks from unauthorized devices known as rogue wireless devices. To safeguard company data and ensure smooth operations, it’s crucial to take steps to prevent, detect, and block unwarranted activity associated with these rogue wireless devices.

What are Rogue Wireless Access Points?

As more wireless devices are introduced into a network, more wireless access points and transmissions within the network's proximity are also created. When this happens, new, previously unknown access points (AP) from a neighbor’s network can sometimes be introduced into your network. These are rogue wireless access points, and their source can many times come unintentionally from employees. On the other hand, the source can be a malicious one who is intentionally installing and hiding the AP in order to gather proprietary information.

It’s tough to differentiate between genuine and rogue devices. But, no matter what the intent, all unauthorized wireless devices operating within the vicinity of the company’s network should be considered wireless rogue devices that could be opening up unknown access points.

                                                                    Wireless Rogues.png

Types of Rogues

Neighbor Access Points: Normally workstations automatically associate themselves with access points based on criteria like strong signals, Extended Service Set Identifier (ESSID), and data rates. As a result, there are chances that trusted workstations accidentally associate themselves with an AP located close to, but outside the company network. Neighboring APs may not pose an immediate threat, but they do leave your company information exposed.

Ad Hoc Associations: Peer-to-peer wireless connections involve workstations directly connecting to other workstations in the same network. This facilitates file sharing or sending documents to a wireless printer. Peer-to-peer traffic generally bypasses network-enforced security measures like encryption and intrusion detection, making it even more difficult to detect or track this kind of data theft.

Unauthorized Access Points: Basic models of access points are easily available in the market. The existence of an unauthorized and unsecured AP installed intentionally or otherwise becomes an easy backdoor entry point into the company network. These unauthorized APs can be used to steal bandwidth, send objectionable content, retrieve confidential data, attack company assets, or even worse, attack others through your network.

Malicious Workstations: Malicious workstations eavesdrop or passively capture traffic in order to find passwords, log in information, email addresses, server information, and other company data. These workstations pose very serious risks and can connect to other workstations and APs. They redirect traffic using forged ARP and ICMP messages and are capable of launching Denial of Service (DoS) attacks.

Malicious Access Points: Attackers can place an AP inside or near company networks to steal confidential information or modify messages in transit. These attacks are also known as man-in-the-middle attacks. A malicious AP uses the same ESSID as an authorized AP. Workstations receiving a stronger signal from the malicious AP associate with it instead of the authorized AP. The malicious AP then modifies the data exchanged between the workstation and the authorized AP. This poses a great business risk because it allows sensitive data to be modified and circulated.

The rogue wireless device problem is one of the primary security threats in wireless networking. It’s capable of disclosing sensitive company information that if leaked, could be damaging to the organization. The first step to assess and mitigate business risks from wireless rogue devices is to detect them. Are you equipped to identify and detect rogue activity in your network?